Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Admin (administrator) on ZALMANR1 (12-03-2016 15:14:08)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin &  (Available Profiles: Admin & Baruška & MSSQL$ADK)
Platform: Windows 10 Pro (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safepay\obksvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safepay\updatesrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(PortableApps.com) C:\Users\Admin\Desktop\Scan\ClamWinPortable\ClamWinPortable.exe
(alch) C:\Users\Admin\Desktop\Scan\ClamWinPortable\App\clamwin\bin\ClamWin.exe
() C:\Users\Admin\Desktop\Scan\ClamWinPortable\App\clamwin\bin\freshclam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Avira Operations GmbH & Co. KG) C:\Users\Admin\AppData\Local\Temp\cleaner\avwebloader.exe
(Avira Operations GmbH & Co. KG) C:\Users\Admin\AppData\Local\Temp\cleaner\pccleaner\setup\cleaner.exe
(Avira Operations GmbH & Co. KG) C:\Users\Admin\AppData\Local\Temp\cleaner\pccleaner\setup\avscan.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Telegram Messenger LLP) C:\Users\Admin\AppData\Roaming\Telegram Desktop\Telegram.exe
(alch) C:\Users\Admin\Desktop\Scan\ClamWinPortable\App\clamwin\bin\ClamWin.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8483032 2015-05-28] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7137664 2016-03-09] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595504 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [888344 2016-02-05] (BlueStack Systems, Inc.)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-03] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{93cd84c0-9c28-42cf-8441-bbe6616bf76d}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2560372422-2021965399-549226919-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2560372422-2021965399-549226919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-03] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
BHO: No Name -> {ED858D4C-395F-4623-987B-B420994790C9} -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\ssv.dll [2016-02-15] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-03] (AVAST Software)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-02-15] (Oracle Corporation)
Handler: cardisabled - No CLSID Value
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7c2brz7f.default-1457218423810
FF Homepage: about:home
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-02-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-02-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: Disable Anti-Adblock - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7c2brz7f.default-1457218423810\extensions\{d49a148e-817e-4025-bee3-5d541376de3b}.xpi [2016-03-06]
FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7c2brz7f.default-1457218423810\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-03-06]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-12] [not signed]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-03-12] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{a171a864-424e-4d77-be5a-1ee220deccd3}] - C:\Program Files\Bitdefender\Bitdefender Safepay\spbxff
FF Extension: Bitdefender Safepay - C:\Program Files\Bitdefender\Bitdefender Safepay\spbxff [2014-11-11] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxps://safesearch.avira.com/suggestions?q={searchTerms}&li=ff&hl=en
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Tampermonkey) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-12-09]
CHR Extension: (AdBlock) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-12]
CHR Extension: (Avast Online Security) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-13]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-01]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [hhgfkbnifcfibjflcgibdmabmcgmjdco] - C:\Program Files\Bitdefender\Bitdefender Safepay\spbxcr.crx [2015-09-27]
CHR HKLM\...\Chrome\Extension: [khjilmcjipkeokomeekfnhkpbnhmgaje] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2560372422-2021965399-549226919-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2560372422-2021965399-549226919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-03]
CHR HKLM-x32\...\Chrome\Extension: [hhgfkbnifcfibjflcgibdmabmcgmjdco] - C:\Program Files\Bitdefender\Bitdefender Safepay\spbxcr.crx [2015-09-27]
CHR HKLM-x32\...\Chrome\Extension: [khjilmcjipkeokomeekfnhkpbnhmgaje] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-15] (Advanced Micro Devices, Inc.) [File not signed]
S4 appdrvrem01; C:\WINDOWS\System32\appdrvrem01.exe [551896 2015-04-11] (Protection Technology)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2015-10-02] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-03] (AVAST Software)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433688 2016-02-05] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413208 2016-02-05] (BlueStack Systems, Inc.)
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [859672 2016-02-05] (BlueStack Systems, Inc.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 MSSQL$ADK; c:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ADK\MSSQL\Binn\sqlservr.exe [163008 2015-07-16] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 OBKSvc; C:\Program Files\Bitdefender\Bitdefender Safepay\OBKSvc.exe [1242568 2014-11-11] (Bitdefender)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 SQLAgent$ADK; c:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ADK\MSSQL\Binn\SQLAGENT.EXE [448704 2015-07-16] (Microsoft Corporation)
R2 UPDATESRV_SAFEPAY; C:\Program Files\Bitdefender\Bitdefender Safepay\updatesrv.exe [66784 2014-10-28] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S2 CmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [X]
S3 cmdvirth; "C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe" [X]
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc.)
S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [20992 2015-04-19] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2015-04-19] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2015-04-19] (LG Electronics Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 appdrv01; C:\Windows\System32\Drivers\appdrv01.sys [2715824 2015-04-11] (Protection Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2015-07-27] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-10] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-07-22] (Advanced Micro Devices)
S3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek                                            )
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154680 2016-02-05] (BlueStack Systems)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2014-06-26] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21720 2015-11-18] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [828144 2015-11-18] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-08-05] (COMODO)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2015-04-02] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2015-04-02] (Windows (R) Win 7 DDK provider)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [146720 2012-09-05] (BitDefender LLC)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-07-14] (LogMeIn Inc.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [41080 2016-01-29] ()
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-03-23] (REALiX(tm))
S0 icquni; no ImagePath
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127232 2015-08-05] (COMODO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-12] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-10-01] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106120 2015-10-01] (McAfee, Inc.)
U5 mfevtp; C:\WINDOWS\system32\mfevtps.exe [250672 2016-03-05] (McAfee, Inc.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2015-06-13] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2015-06-13] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-06-23] (Realtek                                            )
S0 ssuhop; no ImagePath
S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2015-10-04] (BitDefender S.R.L.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 aswArKrn; \??\C:\Users\Admin\AppData\Local\Temp\aswArKrn.sys [X]
S3 efavdrv; \??\C:\WINDOWS\system32\drivers\efavdrv.sys [X]
S3 MFE_RR; \??\C:\Users\Admin\AppData\Local\Temp\mfe_rr.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-12 15:14 - 2016-03-12 15:20 - 00024714 _____ C:\Users\Admin\Desktop\FRST.txt
2016-03-12 15:12 - 2016-03-12 15:13 - 02374144 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2016-03-12 13:07 - 2016-03-10 00:12 - 01070904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw6BA9.tmp
2016-03-12 13:07 - 2016-03-10 00:12 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw6C09.tmp
2016-03-12 13:07 - 2016-02-23 18:10 - 00463744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw6C0B.tmp
2016-03-12 13:07 - 2016-02-10 11:01 - 00287016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw6C1C.tmp
2016-03-12 13:07 - 2016-02-03 18:08 - 00165344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw6C1D.tmp
2016-03-12 13:07 - 2016-02-03 18:08 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw6BE8.tmp
2016-03-12 13:07 - 2016-02-03 18:08 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw6C0A.tmp
2016-03-12 13:07 - 2016-02-03 18:08 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw6BF9.tmp
2016-03-12 13:06 - 2016-02-03 18:08 - 00398152 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-03-12 13:05 - 2016-03-12 13:05 - 00002482 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Admin
2016-03-10 06:25 - 2016-03-12 13:08 - 00000000 ____D C:\Program Files (x86)\LSoft Technologies
2016-03-10 06:25 - 2016-03-10 06:25 - 04097491 _____ C:\Users\Admin\Downloads\Iso-burner.zip
2016-03-09 15:09 - 2016-02-23 15:53 - 01314496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-09 15:09 - 2016-02-23 15:51 - 00633184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-03-09 15:09 - 2016-02-23 15:41 - 00299600 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMASF.DLL
2016-03-09 15:09 - 2016-02-23 15:07 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-09 15:09 - 2016-02-23 14:23 - 00952968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-09 15:09 - 2016-02-23 14:11 - 00249976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMASF.DLL
2016-03-09 15:09 - 2016-02-23 13:39 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-09 15:09 - 2016-02-23 13:38 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-09 15:09 - 2016-02-23 13:16 - 02237952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-09 15:09 - 2016-02-23 12:55 - 24592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-09 15:09 - 2016-02-23 12:45 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-09 15:09 - 2016-02-23 12:45 - 06788608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-09 15:09 - 2016-02-23 12:38 - 02663424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-09 15:09 - 2016-02-23 12:14 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-03-09 15:09 - 2016-02-23 12:04 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-09 15:09 - 2016-02-23 12:03 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-09 15:09 - 2016-02-23 11:55 - 14241792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-09 15:09 - 2016-02-23 11:51 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-09 15:09 - 2016-02-23 11:51 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-09 15:09 - 2016-02-23 11:48 - 21859840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-09 15:09 - 2016-02-23 11:48 - 05157376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-09 15:09 - 2016-02-23 11:46 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-09 15:09 - 2016-02-23 11:45 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-09 15:09 - 2016-02-23 11:45 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-09 15:09 - 2016-02-23 11:44 - 01821696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-09 15:09 - 2016-02-23 11:38 - 07524864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-03-09 15:09 - 2016-02-23 11:17 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-09 15:09 - 2016-02-23 11:11 - 12589056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-09 15:09 - 2016-02-23 11:03 - 01495040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-09 15:09 - 2016-02-23 11:00 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-09 15:09 - 2016-02-23 10:58 - 18800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-09 15:08 - 2016-02-23 15:52 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-09 15:08 - 2016-02-23 15:51 - 00146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-09 15:08 - 2016-02-23 15:50 - 00630160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-09 15:08 - 2016-02-23 15:48 - 08022368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-09 15:08 - 2016-02-23 15:48 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-09 15:08 - 2016-02-23 15:48 - 01123952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-09 15:08 - 2016-02-23 15:41 - 01150816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-09 15:08 - 2016-02-23 15:41 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-03-09 15:08 - 2016-02-23 15:40 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-03-09 15:08 - 2016-02-23 15:38 - 00272752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-09 15:08 - 2016-02-23 15:36 - 00080128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-03-09 15:08 - 2016-02-23 15:11 - 00781984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-09 15:08 - 2016-02-23 15:11 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-09 15:08 - 2016-02-23 15:11 - 00103776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-03-09 15:08 - 2016-02-23 15:08 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-09 15:08 - 2016-02-23 14:39 - 00607416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-03-09 15:08 - 2016-02-23 14:30 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-09 15:08 - 2016-02-23 14:25 - 01085632 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-03-09 15:08 - 2016-02-23 14:21 - 00529456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-09 15:08 - 2016-02-23 14:21 - 00141152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-09 15:08 - 2016-02-23 14:11 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-03-09 15:08 - 2016-02-23 14:11 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-03-09 15:08 - 2016-02-23 14:09 - 00229352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-09 15:08 - 2016-02-23 14:06 - 00069232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-03-09 15:08 - 2016-02-23 13:58 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-03-09 15:08 - 2016-02-23 13:50 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-09 15:08 - 2016-02-23 13:50 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-03-09 15:08 - 2016-02-23 13:42 - 00658536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-09 15:08 - 2016-02-23 13:42 - 00467296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-09 15:08 - 2016-02-23 13:42 - 00078176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-03-09 15:08 - 2016-02-23 13:35 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-09 15:08 - 2016-02-23 13:20 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-03-09 15:08 - 2016-02-23 13:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-03-09 15:08 - 2016-02-23 13:15 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-03-09 15:08 - 2016-02-23 13:15 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-03-09 15:08 - 2016-02-23 12:59 - 00319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-03-09 15:08 - 2016-02-23 12:59 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-09 15:08 - 2016-02-23 12:57 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-09 15:08 - 2016-02-23 12:42 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-09 15:08 - 2016-02-23 12:37 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2016-03-09 15:08 - 2016-02-23 12:36 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-03-09 15:08 - 2016-02-23 12:25 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-09 15:08 - 2016-02-23 12:18 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-09 15:08 - 2016-02-23 12:17 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-03-09 15:08 - 2016-02-23 12:17 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-03-09 15:08 - 2016-02-23 12:08 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-03-09 15:08 - 2016-02-23 12:02 - 03587584 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-09 15:08 - 2016-02-23 11:55 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-09 15:08 - 2016-02-23 11:45 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-09 15:08 - 2016-02-23 11:29 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-03-09 15:08 - 2016-02-23 11:00 - 05457408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-03-09 15:07 - 2016-02-23 12:42 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-03-09 15:07 - 2016-02-23 12:03 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-09 15:07 - 2016-02-23 11:45 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-03-09 15:07 - 2016-02-23 11:17 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll


==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-12 15:22 - 2015-03-25 16:21 - 00000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2016-03-12 15:18 - 2015-10-03 17:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
2016-03-12 15:16 - 2015-04-04 23:06 - 00000000 ____D C:\Users\Admin\Downloads\Telegram Desktop
2016-03-12 15:16 - 2015-03-23 19:01 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-12 14:59 - 2015-10-18 23:07 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-12 14:58 - 2015-03-23 22:59 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Telegram Desktop
2016-03-12 14:08 - 2015-07-14 23:01 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-12 13:30 - 2015-04-01 22:23 - 00000000 ____D C:\Users\Admin\AppData\Roaming\KeePass
2016-03-12 13:25 - 2015-06-29 18:00 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-12 13:19 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-12 13:08 - 2016-01-06 12:16 - 00001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2016-03-12 13:08 - 2016-01-06 12:16 - 00001967 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-03-12 13:08 - 2015-11-17 15:31 - 00004006 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-03-12 13:08 - 2015-04-21 21:08 - 00000000 ____D C:\Users\Admin\AppData\Local\LogMeIn Hamachi
2016-03-12 13:08 - 2015-03-30 19:57 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-12 13:04 - 2015-10-01 17:14 - 00000296 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_Admin.job
2016-03-12 13:04 - 2015-04-03 19:23 - 00000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2016-03-12 13:02 - 2015-07-31 15:33 - 00000000 ____D C:\Users\Admin
2016-03-12 13:02 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-12 13:01 - 2015-07-31 18:33 - 00000000 ____D C:\Users\Baruška
2016-03-12 13:01 - 2015-07-31 15:44 - 00000000 ____D C:\Users\MSSQL$ADK
2016-03-12 13:01 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\INF
2016-03-12 13:01 - 2015-07-10 10:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-03-12 13:01 - 2015-07-10 10:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-03-12 13:00 - 2015-10-15 14:27 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-03-12 13:00 - 2015-09-28 21:15 - 00000000 ____D C:\Users\Admin\AppData\Roaming\ProductData
2016-03-12 13:00 - 2015-09-28 21:15 - 00000000 ____D C:\ProgramData\ProductData
2016-03-12 12:59 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-12 12:56 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\registration
2016-03-12 12:55 - 2015-03-21 08:51 - 00000000 ____D C:\Users\Admin\AppData\Local\Packages
2016-03-12 12:54 - 2015-10-15 14:24 - 00000000 ____D C:\Program Files\Microsoft Office
2016-03-12 03:15 - 2015-11-17 15:44 - 00000000 ____D C:\Users\Admin\Desktop\Škola
2016-03-11 19:37 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-10 19:41 - 2015-03-23 23:35 - 00000000 ____D C:\Users\Admin\AppData\Roaming\deluge
2016-03-10 04:36 - 2015-07-10 13:20 - 00356376 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-10 04:34 - 2015-07-10 10:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI(16)
2016-03-10 04:33 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-10 04:33 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-10 04:33 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-10 04:33 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-10 00:12 - 2015-11-17 15:31 - 01070904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-03-10 00:12 - 2015-11-17 15:31 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-03-09 16:15 - 2015-09-03 19:42 - 00000000 ____D C:\Users\Admin\Desktop\Tor Browser
2016-03-09 15:58 - 2015-03-21 09:54 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-09 15:51 - 2015-03-21 09:54 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-09 14:42 - 2016-01-22 22:02 - 00000000 ____D C:\Users\Admin\AppData\Local\FSDART
2016-03-09 14:42 - 2015-09-27 19:21 - 00000000 ____D C:\ProgramData\Bitdefender
2016-03-09 14:42 - 2015-06-15 01:00 - 00000000 ____D C:\Program Files\Bitdefender
2016-03-09 05:50 - 2015-07-31 15:49 - 02345332 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-09 05:50 - 2015-07-10 17:02 - 01073962 _____ C:\WINDOWS\system32\perfh005.dat
2016-03-09 05:50 - 2015-07-10 17:02 - 00271530 _____ C:\WINDOWS\system32\perfc005.dat
2016-03-09 05:48 - 2015-03-23 22:15 - 00000000 ____D C:\Program Files\Recuva
2016-03-06 18:17 - 2015-03-23 23:50 - 00000000 ____D C:\Users\Admin\AppData\Roaming\PWGen
2016-03-05 20:43 - 2015-07-10 12:04 - 00000000 __RHD C:\Users\Public\Libraries
2016-03-05 20:34 - 2016-01-30 01:46 - 34010104 _____ C:\Users\Admin\Downloads\60Second_x64.exe
2016-03-05 19:36 - 2015-10-02 21:37 - 00000000 ____D C:\ProgramData\F-Secure
2016-03-05 18:56 - 2015-10-01 21:37 - 00250672 _____ (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
2016-03-05 14:43 - 2015-03-25 16:21 - 00001139 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-03-02 00:07 - 2015-04-10 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serious Sam 2
2016-03-02 00:06 - 2015-09-27 00:45 - 00000000 ____D C:\ProgramData\Norton
2016-03-02 00:06 - 2015-09-23 21:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2016-03-02 00:06 - 2015-08-29 20:51 - 00000000 ____D C:\ProgramData\OO Software
2016-03-02 00:06 - 2015-08-22 18:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2016-03-02 00:06 - 2015-08-01 23:28 - 00000000 ____D C:\ProgramData\HitmanPro
2016-03-02 00:06 - 2015-07-31 15:29 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-02 00:06 - 2015-07-15 04:39 - 00000000 ____D C:\ProgramData\RogueKiller
2016-03-02 00:06 - 2015-06-30 18:39 - 00000000 ____D C:\ProgramData\ROCCAT
2016-03-02 00:06 - 2015-04-18 23:25 - 00000000 ____D C:\ProgramData\HP Product Assistant
2016-03-02 00:06 - 2015-04-18 22:50 - 00000000 ____D C:\ProgramData\HP
2016-03-02 00:06 - 2015-04-04 09:58 - 00000000 ____D C:\ProgramData\SlimWare Utilities, Inc
2016-03-02 00:06 - 2015-04-02 00:41 - 00000000 ____D C:\ProgramData\Skype
2016-03-02 00:06 - 2015-03-29 16:42 - 00000000 ____D C:\ProgramData\Oracle
2016-03-02 00:06 - 2015-03-24 21:07 - 00000000 ____D C:\ProgramData\Riot Games
2016-03-02 00:06 - 2015-03-23 23:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PWGen
2016-03-02 00:06 - 2015-03-23 23:50 - 00000000 ____D C:\Program Files (x86)\PWGen
2016-03-02 00:06 - 2015-03-23 19:23 - 00000000 ____D C:\ProgramData\ClassicShell
2016-03-02 00:06 - 2015-03-23 19:13 - 00000000 ____D C:\Users\Admin\AppData\Roaming\IObit
2016-03-02 00:06 - 2015-03-23 19:13 - 00000000 ____D C:\Users\Admin\AppData\LocalLow\IObit
2016-03-02 00:06 - 2015-03-23 19:13 - 00000000 ____D C:\ProgramData\IObit
2016-03-02 00:06 - 2015-03-21 18:27 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2016-03-02 00:00 - 2015-09-19 09:47 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-03-02 00:00 - 2015-04-08 21:04 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2016-03-02 00:00 - 2015-04-02 00:41 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2016-03-01 23:59 - 2016-01-30 01:52 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-03-01 23:59 - 2015-09-23 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2016-03-01 23:59 - 2015-09-23 21:25 - 00000000 ____D C:\ProgramData\Comodo
2016-03-01 23:59 - 2015-06-09 22:57 - 00000000 ____D C:\ProgramData\IsolatedStorage
2016-03-01 23:59 - 2015-04-02 20:00 - 00000000 ____D C:\ProgramData\Zoner
2016-03-01 23:59 - 2015-03-26 15:54 - 00000000 ____D C:\ProgramData\Steam
2016-03-01 23:59 - 2015-03-23 22:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-01 23:59 - 2015-03-21 19:58 - 00000000 ____D C:\ProgramData\Adobe
2016-03-01 23:47 - 2015-05-13 22:26 - 00000000 ____D C:\Users\Admin\AppData\Local\ElevatedDiagnostics
2016-03-01 19:32 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-02-27 17:06 - 2015-09-05 01:13 - 00000000 ____D C:\WINDOWS\Minidump
2016-02-27 17:05 - 2015-09-27 00:45 - 00000000 ____D C:\Users\Admin\AppData\Local\NPE
2016-02-24 15:55 - 2015-12-02 13:57 - 00000978 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-24 15:55 - 2015-12-02 13:57 - 00000974 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-24 03:11 - 2015-10-07 18:47 - 00002222 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-02-24 03:11 - 2015-09-05 17:19 - 00003550 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-24 03:11 - 2015-09-05 17:19 - 00003326 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-24 02:07 - 2015-03-23 19:13 - 00000000 ____D C:\Program Files (x86)\IObit
2016-02-24 01:39 - 2015-04-02 00:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-24 01:39 - 2015-04-02 00:21 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-24 01:26 - 2015-03-23 19:12 - 00000000 ____D C:\Hry
2016-02-24 00:35 - 2015-10-07 18:47 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-02-23 21:40 - 2015-03-23 23:29 - 00000000 ____D C:\Movies
2016-02-23 18:10 - 2015-11-17 15:31 - 00463744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-02-22 17:15 - 2015-04-01 22:51 - 00213214 _____ C:\Users\Admin\Desktop\DTBS.kdbx
2016-02-22 17:06 - 2015-11-05 18:20 - 00243880 _____ C:\Users\Admin\Downloads\Firefox Setup Stub 42.0.exe
2016-02-21 12:10 - 2015-05-22 16:42 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-17 01:51 - 2015-11-23 23:31 - 00001802 _____ C:\Users\Admin\Desktop\Word 2013.lnk
2016-02-16 12:19 - 2016-01-16 02:09 - 00001018 _____ C:\Users\Admin\Desktop\Daum Potplayer-64 Bits.lnk
2016-02-15 21:15 - 2015-08-28 12:52 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-02-15 20:57 - 2015-09-07 18:05 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-02-15 20:57 - 2015-08-28 12:50 - 00000000 ____D C:\Users\Admin\.oracle_jre_usage
2016-02-13 17:59 - 2015-10-30 20:11 - 00000000 ____D C:\$WINDOWS.~BT
2016-02-13 12:27 - 2016-02-07 23:16 - 00000000 ____D C:\Users\Admin\Documents\Český jazyk - pravopisná cvičení
2016-02-12 14:40 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\rescache
2016-02-12 14:05 - 2014-01-22 07:52 - 00214832 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2016-02-12 14:04 - 2014-01-22 07:52 - 00122160 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2016-02-12 00:24 - 2015-08-02 01:45 - 11948968 _____ C:\Users\Admin\Desktop\Nový textový dokument.txt

==================== Files in the root of some directories =======

2016-01-23 23:52 - 2016-01-23 23:52 - 0145838 _____ () C:\Users\Admin\AppData\Local\ars.cache
2016-01-23 23:52 - 2016-01-23 23:52 - 0335326 _____ () C:\Users\Admin\AppData\Local\census.cache
2015-09-23 20:02 - 2015-09-23 20:02 - 0003584 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-23 23:00 - 2016-01-23 23:00 - 0000036 _____ () C:\Users\Admin\AppData\Local\housecall.guid.cache
2016-03-11 18:58 - 2016-03-11 18:58 - 0000218 _____ () C:\Users\Admin\AppData\Local\recently-used.xbel
2015-03-21 20:10 - 2015-09-27 00:50 - 0007602 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2015-09-07 20:44 - 2015-09-07 20:44 - 0243595 _____ () C:\ProgramData\1441654844.bdinstall.bin
2015-09-27 19:22 - 2015-09-27 19:22 - 0201499 _____ () C:\ProgramData\1443378030.bdinstall.bin
2015-09-30 22:09 - 2015-09-30 22:09 - 0177845 _____ () C:\ProgramData\1443647147.bdinstall.bin
2016-01-30 01:48 - 2016-01-30 01:48 - 0050218 _____ () C:\ProgramData\1454114846.bdinstall.bin
2016-01-31 01:32 - 2016-01-31 01:32 - 0032614 _____ () C:\ProgramData\1454199274.bdinstall.bin
2016-03-05 20:36 - 2016-03-05 20:36 - 0050106 _____ () C:\ProgramData\1457206464.bdinstall.bin
2016-03-05 23:53 - 2016-03-05 23:53 - 0032540 _____ () C:\ProgramData\1457217569.bdinstall.bin
2015-07-31 15:29 - 2015-07-31 15:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-04-18 23:23 - 2015-07-14 01:23 - 0009270 _____ () C:\ProgramData\hpzinstall.log
2016-02-27 17:06 - 2016-02-27 17:06 - 0000016 _____ () C:\ProgramData\mntemp
2015-09-29 19:15 - 2015-09-29 19:15 - 0000000 _____ () C:\ProgramData\rebootpending.txt

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-12 11:01

==================== End of FRST.txt ============================